CVE-2026-20039 - Vulnerability Analysis
HighCVSS: 8.6Last Updated: March 4, 2026
Cisco Secure Firewall ASA & FTD - Denial of Service
Published: March 4, 2026Updated: March 4, 2026Remote Exploitable
Overview
Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software contain a denial of service vulnerability caused by ineffective memory management in the VPN web server, letting unauthenticated remote attackers cause device reloads by sending crafted HTTP requests, exploit requires no special privileges.
Severity & Score
Severity: High
CVSS Score: 8.6
Impact
Unauthenticated remote attackers can cause device reloads, resulting in denial of service.
Mitigation
Update to the latest available version of Cisco Secure Firewall ASA and FTD Software.
Related Resources
Details
- CVE ID
- CVE-2026-20039
- Severity
- High
- CVSS Score
- 8.6
- Type
- denial_of_service
- Status
- new
CWE
- CWE-244
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H